[ic] Did you know about AcceptRedirect? (part of a series)

Mike Heins mike at perusion.com
Mon Apr 25 11:57:08 EDT 2005 

Did you know Interchange 5.x can accept redirects from the web server?

NOTE: Most of this is Apache-specific. If your web server implements the
      same redirect scheme, it should apply with some changes in configuration
      syntax.

The AcceptRedirect interchange.cfg directive enables redirect processing
by Interchange. 

    # Add to interchange.cfg
    AcceptRedirect Yes

This allows Interchange to be the target of an ErrorDocument, Script, or
other facility within Apache.

Suppose you have a file repository, specifically for .tar.gz and .tar.bz2
files. If someone requests a file, and it is not there, you want to give
them a chance to upload it. You only want users logged in to Interchange
to have that chance.

To have Apache support Interchange in this, you would simply use the
LocationMatch directive in httpd.conf.

    <LocationMatch "/repository/.*\.tar\.(gz|bz2)$">
        Script        POST /cgi-bin/standard/upload
        ErrorDocument 404  /cgi-bin/standard/upload
    </LocationMatch>

If the access method is POST for any .tar.gz file on the server,
it will be passed to the "upload" page of the Interchange catalog
found at /cgi-bin/standard. If a .tar.gz file is not found, it will
likewise be passed to Interchange.

Steps that enable the following:

    1. Add the interchange.cfg AcceptRedirect directive and restart the
       IC server. Make sure that either you have "Mall No" in
       interchange.cfg, or that you otherwise can get a cookie to keep
       session alive (perhaps with CookieDomain).

    2. Make a symbolic link from your HTTP DOCUMENT_ROOT to 
       the catalog directory, i.e.:

        ln -s /var/www/html /var/lib/interchange/catalogs/standard
       
       Note that the user running interchange must have write
       permission on the "repository" directory.
    
    3. Add the LocationMatch above to your httpd.conf file and
       HUP or restart Apache.

WARNING: This is a dangerous application to leave enabled on your
server. Please test and then remove it.

You then create an upload.html page and put it in your catalog
pages directory:

[if !session logged_in]
    [deliver status="403 Not Authorized" type="text/html" int]
        Sorry, must be logged in. [page login]Log in</a>.
    [/deliver]
[/if]
[tmp is_redirect][env REDIRECT_URL][/tmp]

[if !scratch is_redirect]
    [deliver status="403 Not Authorized" type="text/html" interpolate=1]
        Sorry, this page only available via other URLs.
    [/deliver]
[/if]


[if cgi upload]

    [update user]
    [tmp isfile][value-extended name=file test=isfile][/tmp]
    [if scratch isfile]
        [value-extended
            name=file
            outfile="html[env REDIRECT_URL]"
            auto-create-dir=1
            umask=22
            yes=|
                Your upload succeeded! <a href="[env REDIRECT_URL]">Get it</a>
                |
            no="Upload failed. Contact admin."
        ]
    [else]
        [deliver
                status="412 Preconditon Failed"
                type="text/html"
                interpolate=1
        ]
            Sorry, no file was given to us.
            <a href="[env REDIRECT_URL]">Try again</a>?
        [/deliver]
    [/else]
    [/if]

[else]

    [calc]
        # Set the alias so that any future requests for our page
        # will find us
        my $current  = $Tag->var('MV_PAGE', 1);
        my $redirect = $Tag->env('REDIRECT_URL');
        my $path = "/$current$redirect";
        $Session->{path_alias}{$path} = $current;
        return;
    [/calc]

    <form enctype="multipart/form-data" method=POST action="[env REDIRECT_URL]">
    <fieldset style="-moz-border-radius: 8px">
    <legend>Upload a file</legend>
        File to upload: <input name=file type=file><br>
        <input type=hidden name=upload value=1>
        <input type=submit value=Upload>
    </fieldset>
    </form>
[/else]
[/if]

This page makes use of the [deliver] ITL tag, which immediately sends a file
or other output as a response, with the ability to set the HTTP status and
content type. All following tags are ignored.

It also makes use of the [env] tag, which pulls the HTTP server environment
from the request. We use it to find out what and where the redirect came
from.

We are also making use of the path_alias functionality of Interchange, which
allows you to alias (either one-time or permanent) a page for a user. This
allows us to handle the upload/somefile.tar.gz URL passed in some situations.

The page above does the following:

    1. If the user is not logged in, or tries to access the page
       via Interchange itself, delivers an error message and quits.

    2. If there is no upload (i.e. the upload CGI parameter is not set)
       it sends a form inviting an upload.

    3. If an upload is made but there is no file, gives an error message.

    4. If an upload is done, uses [value-extended] to write the uploaded
       file to the originally requested location. You can limit it
       to already-existing directories by setting auto-create-dir=0.

Quite complex and intelligent schemes are possible -- for instance, you
can have Interchange handle 404 requests for certain directories and
do a search or other function.

-- 
Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.647.1295  tollfree 800-949-1889 <mike at perusion.com>

"Even if you're on the right track, you'll get run over if you just
sit there." -- Will Rogers

More information about the interchange-users mailing list